From Offensive-security.com
Jump to: navigation, search

Object 1

[hide] • 1 Wireles s Cards And Drivers • 1 . 1 N o t e s a b o u t V M W a r e o r a n y o t h e r v i r t u a l i s

432a (4321 802. All others are with 4313. 4324. 4329 (4321 802. 4328 (4321 802.20/2. To tell for sure if your card is supported. 4321 (aka 4306 802.11n 2. Do not ask for support when using VMWare or any other virtualisation software when you have either: PCI/PCI-E/PCMCIA/MINI-PCI/MINI-PCIe/EXPRESS CARD and that you want virtualisation support in either #remote-exploit or the forum as this is beyond our control.4GHz). 432d can only use broadcom's linux_sta driver.0 (Final) has the following drivers included. Notes for broadcom owners Broadcom has used some of the BCM43XX designations for more than one flavor of card.11 5GHz). click on the link that says something similar to the word `patch'. Note that the links provided may not be current and that patches may/may not work. the card is supported with b43 driver. which is similar to using . or 4325. use the command 'lspci -n| grep 14e4'. 4320. 4319.hatake_kakashi madwifi-ng (Patched for Injection) hostap (Patched for Injection) prism54 (Patched for Injection) bcm43xx (Patched for Injection) rtl8180 [1] (Patched for Injection) rtl8187 (Patched for Injection) ipw2200 (Patched for Injection) rt2570 (ASPj's Drivers) rt2500 [2] (not sure if patched already but can be added with this link http://aircrack-ng.2.21. in addition to the standard 2.11b/g? only). If 14e4:XXXX is 4301.6. 4315 (4310?).3.org/doku. please add it in! BackTrack V. If you have tested a card that does not appear on this list. More information maybe found at Talk:HCL:Wireless or on the forum. You have been forewarned. 4318. 432c. .Wireless Cards And Drivers This section lists Cards that have been tested with BackTrack. 4307.6.0-BackTrack V.5 kernel drivers: • • • • • • • • • • • • • • • -muts The links provided above for the driver of the chipset are the links to the developer's actual homepage. 432b (4322). If you want to know where the patches are coming from. 4311.php? id=rt2500&DokuWiki=c3d1aad1f57c675981be7c8290e369d6) rt61 rt73 ipw2100 ipw3945 acx100 (Patch available -BETA-) zd1211rw (Patch available -BETA-) • wlan-ng HAS BEEN REMOVED! Prism2 card owners should use the Hostap Drivers Notes about VMWare or any other virtualisation software VMWare or any other virtualisation software generally does not allow backtrack 2 or 3 or any other OS as guest to operate fully with any devices that are not USB which also includes wireless devices. 4312.11n dualband).

com.wifi0. Last but not least. there is absolutely NO support whatsoever with linux_sta for monitoring/injecting.lzm if you downloaded cdrom version and will need to compile this driver. edit your kismet.dlink. Desperate users can try and join their mailing list Tested Card List PCI Asus WL-138g v2 • Driver : bcm43xx • Chipset : Broadcom • External Antenna: Reverse connector (RP-SMA) with a detachable antenna Works out of the box.Atheros" Notice: To set up your MAC (optional) and switch into Monitor Mode type: airmon-ng stop ath0 macchanger -a wifi0 iwconfig ath0 mode Monitor . Product link : http://www. You will need kernel. You may also need compat-wireless if the driver does not work and/or search for possible answers via google.ndiswrapper. Belkin F5D8001 • Works out of the box.conf) to "source=madwifi_g. CNet CWP-854 • • • • Driver : rt2500 Chipset : Ralink 2500 External Connectors: RP-SMA Works out of the box.conf file (/usr/local/etc/kismet. Dlink DWA-520 • • • • • Driver : Madwifi-ng Chipset : Atheros External Connectors : RP-SMA Works out of the box in BT3 Final.my/products/?idproduct=199 Dlink DWA-552 • • • • Driver : Madwifi-ng Chipset : Atheros AR5212 a/b/g/n For Kismet. Injection is perfect.

msi. Foxconn WLL-3350 • Driver: rt2500 MSI PC60G • Driver : RT61 • Chipset : Ralink • Works out of the box. Dlink DWL-G520 • Chipset : Atheros • External Antenna: RP-SMA • Works out of the box. http://www. rt73 • External Antenna: REV-SMA Read here Dynex DX-EBDTC • Chipset : Broadcom • Works right of of box. Injection and monitor mode IS supported.tw/index. Dlink DWL-G550 • Chipset : Atheros AR5212 (within AR5002X) • External Antenna: Yes.dlink.com/products/?sec=0&pid=414 Dlink DWL-G510 • Chipset : Atheros AR5212a/b/g. omni-directional dipole antenna with 5dBi • Works great out of the box.com.php?func=proddesc&prod_no=1063&maincat_no=131 Netgear WG311T • Driver : Madwifi-ng . Ralink RT73 • Driver : madwifi-ng.Dlink DWL-AG530 • Works out of the box. Injection and such (wireless tools) not functional http://global.

11b/g (rev 3) Hardware ver Dell 1350 WLAN MiniPCI Environment HP Pavilion ZV5330us HP Pavilion zd8000 Compaq Presario 2500 Compatibility Internet Monitor Injection Software ver 2. http://www.aspx Netgear WPN311 • Driver : Madwifi-ng • Chipset : Atheros • External Antenna: RP-SMA Connector Works great out of the box including injection.20-BT-PwnSauceNOSMP bcm43xx bcm43xx bcm43xx bcm43xx yes ? yes yes yes ? yes yes no no ? no • • • • • Driver : bcm43xx Notebook HP NX6110 model PT601AA#AKD Notebook HP Pavilion ZV6170us (part of zv6000 series) Notebook Compaq Presario V2405CA Not sure what chipset it is but doesn't work with built in Broadcom B/G Notebook acer TravelMate 2413LMi Not sure what chipset it is but Packet injection does not work with buit in Broadcom B/G .com/Products/Adapters/SuperGWirelessAdapters/WG311T. Injection works as Well.312ft / 400m • Indoors up to 328ft / 100m Works great out of the box including injection Mini PCI (Built in) Broadcom BCM4306 802.• Chipset : Atheros • External Antenna: RP-SMA Connector Works perfectly out of the box.netgear.6. SMC SMCWPCI-G • Chipset : Atheros • Antenna Type : External SMA (detachable) • Operating Range : • Outdoors up to 1.

and install Kismet works fine but I prefer airodump-ng Attack works under aireplay -2 -3 -4 -5 and -9.Injection works! http://forums.It will capture packets but does not inject.org/showthread. .9) bt ~ # ifconfig eth0 up bt ~ # iwconfig eth0 mode Monitor channel # Use aireplay-ng attack 1 (fake authentication) and then attack 3 (ARP request replay attack).Injection works but you need to have a recent version of aircrack-ng (it worked for me with the 0. • Notebook HP Pavilion dv5215us . IBM AR5212 802.aireplay-ng --arpreplay -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 -i rtap0 eth1 • GUI Wireless tools are at early development.0.90 need to compile. .Broadcom BCM4318 802. ===================================== YES for IPW2200 Sorry. due to an ipw2200 limitation.1 and package of aircrack. ONLY the "--interactive". but cannot inject. Things may appear failing when they are actually working: . This allows to capture at the same time using the rtap0 interface with other programs.remote-exploit.11b/g • Driver : bcm43xx • Notebook Compaq v2312us .2. -theprez98 • Notebook Acer 5000 . BT) • About Injection.Running Kismet a 2nd time does not work because inteface is set in monitor mode. but not for -0 and -1 IPW2200 • Driver : IPW2200 (With Injection Patches) • Boots Live and installs on hard drive detecting and installing the ipw2200 pached drivers perfectly (also on dual and multi-boot environments (MacOS. XP.000 packets injected in <5 minutes. but it works with injection patch I use ipw2200-1.11abg NIC (rev 01) • Driver : Atheros IPW2100 • Driver : IPW2100 • Special Notes: Will enter monitor mode. Void11 cannot be used to deauth stations.It will capture packets but does not inject. Example of arp injection command: . Vista. You must enable the rtap0 interface executing the following commands to make injection posible before doing anything else: rmmod ipw2200 modprobe ipw2200 rtap_iface=1 ifconfig eth1 up ifconfig rtap0 up • Injection has proven to be succesfull with "-i rtap0 eth1" interface parameter at the end of your aireplay-ng --arpreplay command.php?t=7190 First place card in monitor mode (include channel of target AP): • AirForce One 54g . ~40. "--arpreplay" and "-chopchop" options of Aireplay-ng work.Wireless assistant may say "connection failed" but you are associated with the AP. Sometimes they don't work as expected and network parameters must been set in konsole.

-3. learn and practice all possible options of the following 5 commands to be succesfull with this nice integrated ipw2200 chipset: ifconfig iwconfig iwlist modprobe ping aireplay only thing not working Will not inject even with the patch enabled. it's not an irqpoll problem). Bear in mind you must use rtap_iface=1 when loading the module to use the rtap interface. no driver patching required. for example). you may need to use irqpoll at boot to avoid an IRQ conflict on your computer -see below ipw3495 (in that case the conflicting device won't work at all so if it's just injection that fails. But to achieve this you have to learn and master some essential of linux connectivity tasks. however ony aireplay-ng injection attacks -2. but deauth is not the only method. Monitor mode works but packet injection doesn't seem to be working. You only have to check the manuals. That means deauth and other attacks that may require management frames can't work. We could not use any injecion on this due to it using Centrino technology. But the true is that full funcionality is found on this chipset except for a few injection attacks that doesn't prevent you from auditing WEP and WPA wireless security.0 This tutorial worked out of the box for me.php?topic=1775. Kismet did work for me. • You may feel misfuncionalities when following tutorials step by step without ANY previous knowledge. through which you can sniff while you inject in the eth interface (you have to do it that way or it won't work). • Broadcom 4311-based Dell Wireless 1390 adapter is detected and works as mentioned below. Be careful with the new 2.Injection failing because deauth attack is not posible.. and commands to set up network parameters using the console and troubleshoot results. . especially those for Wep cracking because of its complexity. and -4 work though. Kismet & AirMon didnot work for me. but you have to use 'airmon-ng start wifi0' to set it into monitor mode.6 kernels. Good tutorial for injection can be found here: http://tinyshell. WN360G • • • • Driver : prism54/p54 Use a PCI to MiniPCI adapter with it.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01) Mini PCIe (Built in) • Gigabit Atheros card works. Injection is working alright. but you can only inject data frames (arp injecting works.be/aircrackng/forum/index. lspci output : FCC ID: QDWWN360G 01:07.

PCI\VEN_14E4&DEV_4320&SUBSYS_12FB103C BCM43XM1. PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C PCI\VEN_14E4&DEV_4318&SUBSYS_1356103C PCI\VEN_14E4&DEV_4318&SUBSYS_1357103C PCI\VEN_14E4&DEV_4319&SUBSYS_1358103C PCI\VEN_14E4&DEV_4319&SUBSYS_1359103C PCI\VEN_14E4&DEV_4319&SUBSYS_135A103C PCI\VEN_14E4&DEV_4311&SUBSYS_1363103C PCI\VEN_14E4&DEV_4311&SUBSYS_1364103C PCI\VEN_14E4&DEV_4311&SUBSYS_1365103C PCI\VEN_14E4&DEV_4312&SUBSYS_1360103C PCI\VEN_14E4&DEV_4312&SUBSYS_1361103C PCI\VEN_14E4&DEV_4312&SUBSYS_1362103C PCI\VEN_14E4&DEV_4312&SUBSYS_135F103C IPW3945 • • • • Driver : IPW3945 Special Notes : Enable the drivers via KDE menu or cd /usr/src/drivers/ipw3945-1.Broadcom BCM4311 802. . PCI\VEN_14E4&DEV_4324&SUBSYS_12F9103C BCM43XM2. A guide can be found [here] • Or an easy to use lzm module can be found here [here] • Note : This driver is not included in Backtrack2 by default. BCM43XG13. BCM43XG3. BCM43XM12. BCM43XM11./load Special Notes : Enters monitor mode. BCM43XM14.sys Notebook HP nx6315 Notebook HP nx7400 Notebook Dell Inspiron 1501 Notebook Dell Inspiron 1505\6400 Notebook Dell Latitude d820 D820 is detected and works but the BCM4311 chip does not work with packet injection • FCC ID: MXF-C941103G • Notebook Dell Dell d520 • Notebook Compaq/Dell V2000US is NOT working.0/ && .com/download/broadcom/2007-6-26/Broadcom4311-BCM4311KFBG-Driver_0. PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11 BCM43XGT.wireless-driver. BCM43XG12. Windows Drivers and Client Software: http://www. IPWRAW (IPW3945 Monitor + Inject) • Driver : IPWRAW. BCM43XM13. PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C BCM43XG2. BCM43XG2. PCI\VEN_14E4&DEV_4320&SUBSYS_12F4103C BCM43XG1. but cannot inject Special Notes : You may need to start the image with "bt irqpoll" Good way to tell: you see what looks like function call backtraces on startup and the suggestion to run "bt irqpoll" scrolls by pretty fast. PCI\VEN_14E4&DEV_4320&SUBSYS_12FA103C BCM43XG3.2. PCI\VEN_14E4&DEV_4324&SUBSYS_12FC103C BCM43XG1. BCM43XG11.htm PCI ID: BCM43XG. BCM43XM3. Check your dmesg for more details if it scrolls too fast for you. BCM43XM2.11b/g • • • • • • • Driver : bcm43xx Driver : bcmwl5. Packets appear to send but after testing on a separate card I was able to determine that NONE of the attack modes work properly. BCM43XM1.

• Special Notes : Locked in monitor mode and can be used in all aireplay-ng attacks. ifconfig wifi0 down #Change to AP BSSID nano /sys/class/net/wifi0/device/bssid # Channel of AP nano /sys/class/net/wifi0/device/channel # Change from 108 to 2 nano /sys/class/net/wifi0/device/rate ifconfig wifi0 up airodump-ng rtap0 #wifi0 is used for all other commands. works natively on backtrack3 • Injection: no.conf to "source=ipw3945. Forum users report 100% working.Intel" • Notice: After starting airodump-ng only run one command at a time. IPW4965/IWL4965 agn • Monitor: yes. there are works being done on it. everything goes like in aircrack-ng tutorials Agere Systems ORiNOCO GOLD PC Card Classic • Notes: see Enterasys Roamabout 802. • For Kismet. If you do not your system may hang or freeze.wifi0. making this the cheapest working Atheros (and maybe . injection works. To load the driver modprobe iwl4965 Gigabyte GN-WS50G b/g • • • • Driver: Madwifi-ng Managed: yes Monitor: yes Injection: yes PCMCIA Cards 3COM 3CRWE154G72 v1 • Driver : prism54/p54 • Chipset : Intersil PrismGT FullMAC • Notice : other revisions of this card are not prismGT FullMAC 3COM 3CRPAG175B with XJACK Antenna • Driver : Madwifi-ng • Chipset : Atheros AR5212 • Notes : detected at boot time. edit your Kismet.11 DS High Rate AirLink101 AWLC4130 • Driver : Madwifi-ng • Chipset : Atheros • Notes: Found at boot up.

Detected at boot-up with latest BT2. Belkin F5D7010 V5000 • Driver : Atheros • Chipset : Atheros • Notes : Works great from what I could tell. Packet injection appears to work. unfortunately packet injection does not work. ASUS WL100G • Driver : bcm43xx • Chipset : Broadcom BCM43xx • Notes: It is found at boot-up and is ready to go.overall) card out there. Belkin F5D7010 V6000 • Driver : RT61 • Chipset : Ralink • Notes: after untar the files. Didn't have an opportunity yet to test the packet injection so can't report on that. make clean. Belkin F5D6020 v3 • • • • Driver : Realtek Chipset : rtl8180 Notes: Requires terminal input of iwconfig and dhcpcd wlan0 Notes: Full capability and injection Belkin F5D7010 V1000 • Driver : bcm43xx • Chipset : Broadcom BCM43xx • Notes: Detected at boot-up and is ready to go. in the Module dir. Buffalo WLI-CB-G54HP • Driver : bcm43xx/b43 • Chipset : Broadcom BCM4318 . I have no had any problem to put it in Monitor mode. Belkin F5D7010 V3000UK • Driver : RT61 • Chipset : Unknown will update later (SORRY) • Notes : Detected at boot-up with final BT2 (ra0). make debug and then make install then modprobe rt61 debug=1 Belkin F5D7011 • Driver : bcm43xx • Chipset : Broadcom 4306 • Notes: Picked up on boot and I can inject into my router without a problem.

fl H/W Rev A1 FCC ID: KA2DWA645A1 (PPD-AR5BCB-00071) H/W Rev B1 FCC ID (NOT SUPPORTED): KA2DWA645B1 Comments: Works on BT4b under both madwifi-ng (without n-draft mode I think) and ath9k (but probably with no injection) Be aware of H/W Rev: B1 as this contains Marvell chipset which is most likely not supported at all. External pictures of Rev A1: https://fjallfoss.gov/prod/oet/forms/blobs/retrieve.ko got an error and modified it a bit and it worked.fcc. More information: airo Cisco AIR-PCM350-T • • • • Driver : airo_cs Chipset : Cisco Aironet Monitor mode HOWTO Special Notes : airodump-ng output on wifiX shows garbled output whilst ethX does not work. More information: airo Cisco Aironet AIR-CB21AG-A-K9 • Driver : Madwifi-ng • Chipset : Atheros • lspci : 03:00. Kismet will work with this card. Use b43 driver and mac80211.gov/prod/oet/forms/blobs/retrieve. AR5212 802.11abg NIC (rev 01) Dlink DWA-645 • • • • • • • Driver: Madwifi-ng/ath9k Chipset: Atheros AR5416 a/b/g/n External Antenna: None Internal Antenna: 3x Hirose u. cd /usr/src/drivers/acx100 && insmod . Dlink DWL-650+ • Driver : acx100 • Chipset : Texas Instruments ACX100 • Special Notes: Enable the drivers via KDE menu or cd /usr/src/drivers/acx100/ && insmod . bcm43xx will not show correct PWR levels in airodump-ng and may have issues with injection if not at PPS (Packets Per Second) Cisco AIR-LMC350 • • • • Driver : airo_cs Chipset : Cisco Aironet Monitor mode HOWTO Special Notes : airodump-ng output on wifiX shows garbled output whilst ethX does not work. Kismet will work with this card.fcc.cgi? attachment_id=643507&native_or_pdf=pdf External pictures of Rev B1: https://fjallfoss.• Notes: It is found at boot-up and is ready to go.0 Ethernet controller: Atheros Communications./acx100./acx. Inc.cgi? attachment_id=662985&native_or_pdf=pdf External pictures courtesy of fcc website.ko . Packet injection works perfectly.

iwconfig ath0 channel 1.2. D-Link WNA-1330 • Driver : Madwifi-ng • Chipset : Atheros When the card is enabled and in monitor mode it can not change back to channel 1 via iwconfig commands. Dlink DWL-G650M • Chipset: Atheros Communications. You will need to downgrade to 7.Dlink DWL-G650 • • • • Driver : Madwifi-ng Chipset : Atheros AR5212 a/b/g For Kismet.52 and apply 3.com/library/post/computers-orinocohermes-firmware-extraction.[3] Enterasys Roamabout 802. To get the card back on channel 1 for monitoring. edit your kismet.com/HOWTO_Orinoco_USB#Kismet Hermes I version for sniffing. wavelan_cs Chipset : Hermes I Mode : 802.72 Firmware downloads source 1 : http://orinoco.at/ Firmware downloads source 2 : http://www. http://gentoo-wiki. . Suggested to downgrade the firmware may help. It will not COMPLAIN either.11b only (11Mbps) Driver capabilities : Connect + Monitor only Driver Source 1 : http://www. and then ifconfig ath0 up.andrewhakman. you'll have to ifconfig ath0 down. iwconfig ath0 channel 1 Will not work.11bg Wireless NIC (rev 01) This chipset is not yet supported as it is a MIMO capable chip.Atheros" Notice: To set up into Monitor Mode type: airmon-ng start wifi0 ifconfig ath1 up iwconfig ath1 mode Monitor Dlink DWL-G630. you don't know that it's not working.gotchi.conf) to "source=madwifi_g.conf file (/usr/local/etc/kismet.html • Notes : • • • • • • • • • • • • The firmware supplied cannot be used to monitor as orinoco_cs notes the firmware as buggy. 650+/Refer to this site for information.dhs.nongnu. So unless you are actually double-checking the freq you are on.org/orinoco/files/ More information: http://airsnort. wvlan_cs. Inc.11 DS High Rate Driver : orinoco_cs.html firmware extract (download for 2.com/orinocoinfo.html Driver Source 3 : http://secure.vox.28 and above) howto: http://tuxsavvy.enterasys.projectiwear.com/software/RoamAbout/CSIxD/linux/ Firmware supplied : Lucent/Agere 8.shmoo.6.1 patch. AR5005VL 802.org/~plasmahh/orinoco.wifi0.org/orinoco/ Driver Source 2 : http://www.

• Update: Theoretically one is able to use airjack to make hermes do some mitm attack however that will require more deeper analysis. [4]. Notice : Seems to work 100%.24 and/or wireless-2. Motorola WN825G v2 • Driver : bcm43xx • Chipset : Broadcom 4306 Card is recognized in response to "iwconfig" but LEDs do not illuminate until "ifconfig eth# up". bcm43xx driver will soon be deprecated and for this chipset it will not indicate PWR levels with airodump-ng. It is perfect for wardriving and sniffing wireless networks though.4Ghz 802.11g Wireless LAN Controller (rev 02) • Subsystem: Linksys WPC54G-EU version 3 [Wireless-G Notebook Adapter] Monitor mode currently supported but injection may or may not work with bcm43xx. Apparently a new driver is coming out dubbed as b43 and is only available in either kernel >=2. this card doesn't support packet injection because it is Hermes I based.6. BT3 Users read this. Gigabyte GN-WM01GT AirCruiserG Mach G • • • • Driver : madwifi-ng Chipset : Atheros 2. See here for Broadcom injection. • Note: see section: Enterasys Roamabout 802. . Injection will work after patching b43 via mac80211 stack. NetGear MA401 • Driver : HostAP • Chipset : Prism 2 To inject packets you have to load the HostAP driver. Injection not tested but should work similarly to other Broadcom cards. Interface is: ath0 Lucent Technologies Orinoco Silver Works perfectly out of the box.6 git. However.11 DS High Rate Linksys WPC11v4 • • • • Driver: rtl8180 Chipset: rtl8180 Notes: Requires terminal input of iwconfig and dhcpcd wlan0 Notes: Full capability including injection Linksys WPC54G v3 • Driver : bcm43xx/b43 • Chipset : Broadcom Corporation BCM4318 [AirForce One 54g] 802.11b/g 108Mbps with internal antenna.

exactly the same chipset.-4. have cracked many WEP keys. If it still isn't. NetGear WG511 v2 • Driver : prism54/p54 • Chipset : Intersil PrismGT FullMAC . NetGear WPN511 .L connectors internally. One of them has connector the other does not have one soldered on. These cards are extremely rare but they sport 2x Hirose U.-3.-5) If you can't get this card to run in Monitor mode try the following: BT ~#airmon-ng stop ath0 BT ~#airmon-ng start wifi0 Then run iwconfig and check if ath0 is in Monitor mode.F.NetGear WPN511 • Driver : Madwifi-ng • Chipset : Atheros • Comments: Monitor mode and packet injection supported. Supports all current Aireplay-NG attacks (-1. All current supported attack modes 0-5 tested and working perfect.L. If it isn't. Supports packet injection. and ath1 should be in Monitor mode. NetGear WG511T • Driver : Madwifi-ng • Chipset : Atheros • Notes: Works with Backtrack. Also known as WPN511GE. lspci : 03:00.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01) Works great with Backtrack 2 Final.-2. (out of the box).Range Max • • • • Driver : Madwifi-ng Chipset : Atheros AR5212 a/b/g Internal Antenna: 2 x Hirose UF. try: BT ~#airmon-ng start wifi0 NetGear WAG511v2 • Driver : Madwifi-ng • Chipset : Atheros NetGear WG511 v1 • • • • Driver : prism54/p54 Chipset : Intersil PrismGT FullMAC Notice : See here for Netgear's ambiguous naming of models. Comments: Monitor mode and packet injection supported. try the following: BT ~#ifconfig ath0 down BT ~#airmon-ng start ath1 wifi0 should now parent ath1.

PROXIM ORiNOCO 802.24 package. NetGear WPN511GR • Driver : Madwifi-ng • Chipset : Atheros Netgear WPNT511 • • • • • Driver: N/A *Windows only: ndiswrapper* Chipset: Airgo AGN300 True MIMO External Antenna: None Comments: No linux drivers yet.24 mainly because its a softmac and it was not heavily supported until the release of p54. 88w8335 [Libertas] 802.6. you should email Marvell directly. • lspci : 03:00.6. Do not hold your breath for monitor/injection support either.24 or wireless-git-2.6. This requires kernel version either 2. NetGear WG511 v3 • Driver : p54 • Chipset : Conexant PrismGT SoftMAC • Notice : See here for Netgear's ambiguous naming of models. See here for information on external antenna hack. Ndiswrapper may work for normal connection but nothing else. Not recommended for beginners and not patched at all yet.11b/g Wireless (rev 03) lspci -n : 11ab:1faa (rev 03) FCC ID : PY3WG511V2H1 CANADA ID : 4054A-WG511V21 CE : 0470 There are no native linux driver support for this chip. One of them has connector the other does not have one soldered on.• Notice : See here for Netgear's ambiguous naming of models. Netgear WG511U • • • • Driver : Madwifi-ng Chipset: Atheros AR5212 a/b/g External Antenna: None Internal Antenna: 2 x Hirose UF. This card requires compat-wireless or kernel build later than 2.net/projects/agnx80211driver/.11b/g Gold (Model: 8470-WD) • Driver : Madwifi-ng • Chipset : Atheros .L. If you want to gain native linux driver support.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01) Like its brother NetGear WG511 v1 this one also works well except it only has 1x Hirose U. The release of p54 driver depends on mac80211 rather than ieee80211 (old and deprecated support for other softMAC based devices). NetGear WG511v2 • • • • • • Chipset : Marvell lspci : Marvell Technology Group Ltd.F.L connector. Update: Linux native (alpha stage) available: http://sourceforge.

BackTrack3 Users should try this OR this if their card is not automatically detected under BT3 or no injection is available.php? p_faqid=1082 Linux Drivers: http://www. The command to do this is: ifconfig eth1 up You will now see the "Power" and "Link" lights have turned on. iwpriv wlan0 writemif 62 127 Sitecom WL-100b • • • • • • Driver: bcm43xx Chipset: Broadcom 4306 External Antenna: None Notes: Tested with BackTrack 3 beta released on 14th December 2007. See here to use HostAP driver) Chipset : Prism 2.conf to "source=hostap.cfg/php/enduser/std_adp. Notes: The wireless interface is eth1.proxim.• Notice : To set monitor mode type "airmon-ng start wifi0" and then use ath1 • If your card does not appear to be recognized when you first insert it. type "modprobe ath_pci" and then run "dmesg" again.conf to "source=madwifi_g. 700MB CD version (bt3b141207.de Here are the results: [5][6][7] Force the card to give the maximum txpower. • For Kismet.Prism2" Notes: If you are using orinoco_cs drivers.wifi0. iwpriv wlan0 alc0 iwpriv wlan0 writemif 62 128 Force the card to give the somewhat minimum txpower. FCC ID: NI3-2511CD-PLUS3 For Kismet.org Senao NL-2511CD/SL-2511CD PLUS EXT2 • • • • • • Driver : HostAP (wlan-ng drivers have been removed from BT2 final.74 is suggested. edit your Kismet. and it must be "brought up" before use.Atheros" Windows Drivers and Client Software: http://support. ifconfig wlan0 up iwpriv wlan0 alc 0 iwpriv wlan0 readmif 116 [-> actual powertx value] iwpriv wlan0 writemif 62 49 [-> I've no idea at all why "49"] iwpriv wlan0 readmif 116 [-> now showing something around 252] With a Spectran HF-2025E spectrum RF analyzer from elektrosmog. you need to follow this as orinoco_cs is not recommended for this device. • To raise the output of this card to 250mw Not verified Caution! This might destroy your card if you do not know exactly what your doing! The change in readmif seems stable only in Master mode.com/cgi-bin/proxim.5 Firmware : 1. check [here] for instructions. which indicates that the card is ready for use. .madwifi.Wlan0. edit your Kismet. Notes: Both monitor mode and packet injection work fine (with the following caveats below).iso).

Packet injection works perfectly. so it keeps crashing every hundred packets or so. SMC 2532W-B • Driver : HostAP • Chipset : prism2. I've found that "30" is the highest value it can take without crashing.5 SMC SMC2536W-AG • Driver : Madwifi-ng • Chipset : Atheros AR5212 a/b/g • External Antenna : None SMC WCB-G • Driver : Madwifi-ng • Chipset : Atheros SWEEX LW051 ver:1.11abg NIC (rev 01) Product Page Wistron WLAN 802.11a/b/g Cardbus CB9-GP • Driver : madwifi-ng • Chipset : Atheros AR5212 . Inc. This will slow things down quite a bit.0 Ethernet controller: Atheros Communications. but not too badly and at least it works. which will limit aireplay-ng to 30 packets per second. add option: "-x 30" to the command line. To fix this.0 • Driver : Madwifi-ng • Chipset : Atheros AR2413A • Notes: It is found at boot-up and is ready to go.11abg NIC (rev 01) • [External Antenna Modification] TP-link eXtended Range 54M Wireless Cardbus Adapter (TL-WN510G) • Drivers : MadWifi-ng • Chipset : Atheros AR5212 b/g Ubiquiti SRC • • • • Driver : Madwifi-ng Chipset : Atheros AR5212 a/b/g FCC ID: SWX-SRC lspci : 03:00.• Notes: When using the --arpreplay option of aireplay-ng. AR5212 802. but BT2 says it is a AR5212 which seems to make no difference. the default packet speed is too fast for the bcm43xx driver to handle. TP-link SuperG&eXtended Range 108M Wireless Cardbus Adapter(TL-WN610G) • Drivers : MadWifi-ng • Chipset : Atheros AR5212 802.

Inexpensive (<$10).6. kernel <=2.6. Easy to antenna mod.24) • Chipset : Realtek 8187L • For Kismet.24) • Chipset : Realtek 8187L • For Kismet. Full capability and injection ALFA Networks AWUS036E • Driver : rtl8187 (mac80211.X-Micro WLAN 11g PCMCIA Card (XWL-11GPAG) • Driver : Madwifi-ng • Chipset : Atheros ZCom XI-325HP+ • Driver : HostAP • Chipset : Prism 2. This device does not exactly need both USB connectors plugged in for it to work.ALFA" • Notes : You can turn this device to go ~300mW but do be warned that this may damage your device. ALFA Networks AWUS036S • Driver : rt73 • Chipset : Ralink RT73 This card works out of the box including injection with BackTrack3. edit your Kismet. The only reason why it was provided with two USB connectors is because of an instance whereby a person uses either an unpowered USB hub and/or the output from the computer's USB port is inadequate (very rare case for computers to do that. You will need to ifconfig device up before you can . So having the second USB connector plugged in gives the USB network dongle a slightly upper hand advantage in being provided with more power. kernel >=2.6.6. most do power their USB ports) and with other USB devices hooked onto either the unpowered USB hub or computer's USB ports there may not be enough power for the USB network dongle to work.24)/r8187 (ieee80211.24)/r8187 (ieee80211.conf to "source=rt8180. kernel <=2. Also WPA under this mode is not supported.conf to "source=rt8180. ALFA Networks AWUS036H • Driver : rtl8187 (mac80211. edit your Kismet. • Notes : There is a common misconception with regards to this device requiring two USB connectors.5 Zyxel ZyAIR G-100 PCMCIA Card (FCC ID:N89-WE601l) • Driver : prism54/p54 • Chipset : Intersil PrismGT FullMAC USB Dongles Airlink101 AWLL3026 • Driver : zydas • Chipset: zd1211rw • Nice USB Dongle.ALFA" This card works out of the box including injection with BackTrack3.wlan0. kernel >=2.wlan0.

39 and the windows drivers from the cd. packet injection works great. Later versions (don't know which ones) use the bcm43xx chipset from broadcom. Injects IV's at a very slow rate (about 300-500 IV's per minute). ASUS WL-167G • Driver : rt73 (older version rt2570) • Chipset : rt2571WF (older verson Ralink 2570) Notice : Range is moderate but both monitor mode and injection work perfectly.Used ndiswrapper version 1.000. After patching.set monitor mode. My version 3 card did not go into monitor mode.1 • Driver : ndiswrapper • Chipset :Texas Instrument TNetW1450 • Notice : NdisWrapper will never work with Aircrack-ng Suite Notice : Works fine even with WPA/WPA2 encryption. 'modprobe bcm43xx' then 'ifconfig -a' you will see your adapter as ethX • It will not inject packets ** Belkin F5D7050 (4000 series) • Driver : zd1211rw • Chipset : zd1211b Upon boot. taking about 35 hours to collect 1. Belkin F5D7050 V1 • Driver : rt2570 • Chipset : rt2571F Worked fine upon boot.6 along with rtl8180 driver to get this working. Belkin F5D7050E • Driver : rtl8180 (mac80211 stack) • Chipset: Realtek RTL8187B • FCCID : K7SF5D7050E You will need compat-wireless2. arp replay. . all of the various attacks (fragementation. etc. chopchop. However.000 IV's. possibly due to different radio chip. fakeauth) work fine with aircrack-ng. Update : Injection is faster under bt4 beta (300-400pps). AVM Fritz!Wlan USB V1. Belkin F5D7050B • Driver : rt73 • Chipset: Ralink 2570 Works fine on boot including packet injection. • Notes: FCC ID k75-f5d7050b is reported to not being able to detect APs. Just need to ifconfig wlan0 up to use it. if you patch the kernel following the instructions at [8]. works fine in monitor mode but doesn't inject packets.

Additionally. .0 dev.11 kernels or older. Monitor mode and packet injection supported.5 • Notice : There are drivers for injection however they only work on 2. its covering is very limited.03 B1 • • • • Driver : rt2570 Chipset : Ralink 2570 lsusb : Bus 1 Device 3: ID 2001:3c00 D-Link Corp.2.Belkin F5D7051 • Driver : rt73+rt2570/rndis_wlan (mac80211_stack) • Chipset: rt2570/bcm4320 Belkin have changed the chipset that they use in the usb adapters apparently.org/doku. C1 uses [ralink] RT73 This dongle must be tweaked if u want to inject with it. B1 [ralink] Notice : rev. There will probably be no support for rndis_wlan in terms of monitoring/injecting.1 H/W A1 • Driver : wlan-ng • Chipset : prism 2.6.11g rev. Owners of the older version of the hardware (with rt2570) are recommended to use serialmonkey's/ASPj's driver which should already be included in the backtrack. recommended a cantenna!!! Rev B1 users read here VERY IMPORTANT (credit goes to allelectrix from aircrack-ng forum) D-Link WUA-1340 • • • • Chipset: Ralink 2571 (RT73) Driver : rt73 Chipset : Ralink Notice : Follow instructions for using driver with aircrack-ng: http://www. [hex] DWL-G122 802. D-Link DWL G122 (USB) F/W 2. The bcm4320 drivers will only work with rndis_wlan which requires mac80211. They now use the bcm4320 chipset instead of the rt2570.php?id=rt73 Edimax EW-7317UG • Driver: zd1211rw • Chipset: zd1211 • Notice: After updating aircrack suite to aircrack-ng 1. Buffalo Airstation G54 WLI-U2-KG54-AI (2A) • Driver : rt2570 • Chipset : Ralink 2570 Chiefmax • Driver : RT73 • Chipset : rt2571WF D-Link DWL 122 (USB) F/W 3.aircrack-ng.

Edimax EW-7318USG • Driver : rt73 • Chipset : Ralink • Notice : Follow instructions for using driver with aircrack-ng: http://www. B: zd1211b (supported) lsusb: Rev. A: unknown Rev. however. .1. Apart from that. A: zd1211 (not supported) Rev. the following driver does: http://homepages. Notice 2: Built-in [BackTrack] Driver does not support fragmentation attack. airodump.de/~p_larbig/wlan/rt73-k2wrlz-2.php?id=rt73 Hawking HWUG1 • Driver: rt73 • Chipset: ralink • Injection and monitor mode work fine.0. just have to "ifconfig rausb0 up" and it works Hawking HWU8DD • • • • Driver: Rev.Update driver to v. is by the sticker on the actual device (on the bottom) or the actual CD. Does not capture WPA/WPA2 handshake.11b/g WiFi Notice 1: The interface is named rausb0. not eth0 or ath0 etc.lzm and to compile the included driver from the link above.bz2 Needs activation before use bt ~ # ifconfig rausb0 up bt ~ # iwconfig rausb0 mode monitor Everything works out of the BT3 box! Linksys WUSB600N • Driver : rt2870 (modified by hirte and nemesis) • Chipset : Ralink rt2870 a/b/g/n You will need kernel. on the box/packaging it would have vista ready sticker for Rev. A: unknown Rev. Linksys WUSB54g v4 users read here VERY IMPORTANT (credit goes to allelectrix from aircrack-ng forum) Linksys WUSB54GC • • • • Driver : RT73 Chipset : Ralink Technology.6.0 Extremely easy to antenna mod. B Linksys WUSB54g v4 • Driver : rt2570 • Chipset : Ralink 2570 No problems with any injection (kismet.tar. Very good USB dongle.tu-darmstadt.). Corp. 802.1.. B: 0ace:1215 ZyDAS WLA-54L WiFi? Credits: Talkie Toaster/openxs The only way to tell the difference between Rev. A and Rev B.aircrack-ng..org/doku.B: zd1211rw Chipset: Rev.

kernel >=2. successfully reinjects packets while monitoring.5 FCC ID: PY3MA111 (links to M4Y-00735) lsusb: 0846:4110 This is a very old device that will never be supported for the time being.asp 2)change to root shell 'sudo su -' 3)rmmod ndiswrapper 4)ndiswrapper -i netwg11t. You will need firmware for this and the current status for monitoring/injection is unknown. • GW3887 users : Use p54usb driver. There has been no easy way of identifying the difference between the two apart from checking the FCC ID or via plugging it in.6.24) // p54 (mac80211) • Chipset : Realtek RTL-8187L // Intersil-Conexant GW3887 • FCC ID : PY305400026 // PY3WG111V2 Be careful not all wg111v2 sticks have the realtek chipset the v2 with the word netgear set into the stick.6.1 is here: http://kbserver. Corp. NetGear WG111T • • • • Driver : ndiswrapper Chipset : Atheros AR2112A-00 FCC ID: PY3WG111T Notice : NdisWrapper will never work with Aircrack-ng Suite You can breath life to your small USB-WG111T by doing the next steps: 1)Download and extract the driver (using wine?) from Netgear As of 2008-03-29. Users can read here NetGear WG111v2 • Driver : rtl8187 (mac80211. driver 2. • USB ID: 0846:6a00 is Realtek RTL-8187L chipset • USB ID: 0846:4240 is Intersil/Conexant GW3887 chipset • RTL8187L users : Drivers are available on the forum however the range on this card in my opinion is poor. older versions of this card is equipped with Conexant and the later versions are with Realtek. kernel <=2. 802.netgear.inf 4)modprobe ndiswrapper 5)iwconfig Netopia ter/gusb-e • Driver : rt2570 • Chipset : Ralink Technology.6. type `lsusb' when you have the device connected.11g WiFi • Notice : works fine as i know . Apparently. NetGear MA111 • • • • Driver : wlan-ng (requires patched version which cannot be used on kernels > 2.MicroEdge MEG55A Wireless-G USB Dongle • Driver : rt2570 • Chipset : Ralink rt2570 • Notice : Works fine out of the box. airmon-ng start rausb0 kicked straight into monitor mode.20) Chipset : Intersil Prism 2.24)/r8187 (ieee80211. To verify the differences.com/release_notes/d103172.

Corp. kernel <=2. Once I got this card working. In bt3 the issue is fixed but it drops the packets out instead of properly processing them.tu-darmstadt.bz2 ifconfig rausb0 down airdriver-ng remove 31 tar xvjf rt73-k2wrlz-3. With bt2 there's issues with airodump-ng as it sometimes output garbled letters in various fields notably in the ESSID section.0. RT2501USB Wireless Adapter • Notice : At first I plugged this in to my computer. Here are the steps to update the driver and make this card work: Download the latest driver from http://homepages.0. the latest driver is 3.tar.tu-darmstadt.24) • Chipset : Realtek 8187L • Notice : Works right out of the box on BT2 and BT3.6. injected as well as either.2 http://homepages.6. SafeCom SWMULZ-5400 • Driver : zd1211rw • Chipset : zd1211b • Notice : Works with packet injection with new patch found in aircrack-ng 0.2. enable monitor mode with airmon-ng. ZyDAS 1211 • Driver : zd1211rw • Chipset : ZyDAS Chipset . just have to "ifconfig rausb0 up" before anything Rosewill RNX-G1(W) • Driver : rtl8187 (mac80211. it detected more AP's than my WMP54G and my Netgear WG111v2.de/~p_larbig/wlan/rt73-k2wrlz-3.8 TP-Link TL-WN321G • Driver : rt73 • Chipset : Ralink Technology. but did not report Power properly. airodump-ng rausb0 showed no APs detected.0.2. Updating to the latest driver made this work.OvisLink Evo-w54usb • Driver : rt2570 • Chipset : Ralink 2570 • Notice : injection works.tar.bz2 cd rt73*/Module make make install modprobe rt73 ifconfig rausb0 up USB WiFi Booster Kit with 5dbi Indoor Dipole • • • • Driver: zd1211rw Chipset zd1211b lsusb: 0ace:1215 FCC ID: ??? Tested to work on bt2 and bt3. something to do with rate limiting.de/~p_larbig/wlan/ As of 2009-04-16.and it didn't work. kernel >=2.24)/r8187 (ieee80211.

) start aircrack-ng manually g.com/index. Realtek-USB-Chipset more recommended if u can find it.) start airodump-ng again. get bssid. yet. but after that it worked fine.tv/file/930698/ Conclusion: not perfect.) Close SpoonWEP`s WS-Dump window. Addendum: I had to unzip to /lib/firmware/zd1211. MSI US54SE Version 1 • Appears to use a ZD1211 chipset. It´s only used for starting the correct airreplay mode. for me WEP cracking did only work like this . dump data traffic now f. close it b. -> *NOOB-Compatibility Award* Still.• Notice 1 (properly for BT2): For basic functionality. this is the ONLY attack-mode which will work with 1211b! d. • Notice 2 (for BT3): Test with 1211b / Lutec USB Stick: Works out of the box in monitoring mode. Version 2 • Uses rt73 chipset.. but cheap USB-Dongle WEP-Cracking out of the box .) start SpoonWEP. runs as eth1 (on my box. Retrieved from "http://backtrack.). can run SpoonWEP without any hacks. airreplay standalone DID NOT work!). SMCWUSB-G EU • Appears to use a ZD1211 chipset. yours may differ).but then without any problems: a.php/HCL:Wireless" Views • • • • Article Discussion View source History Personal tools • Log in / create account . Besides.reinsert the card and the firmware should load OK.offensive-security. keep SpoonWEP`s Mainwindow = aireplay thread running e.if u know what to do.) Select 2nd Attack Option (POS801.without any patching . you need to get the firmware from [here]. but ONLY with SpoonWEPs POS801 attack (didn´t find the according aireplay mode. untar it to /usr/lib/firmware/ . Injection is possible without any driver or kernel modding. c. • Notice: This particular rt73-Version is not supported.) you are done! for more help with the commands check: http://blip.) "airodump-ng eth1".

Navigation • • • • • • • Search þÿ Toolbox Main Page Changelog HCL Tools List How-To Modules Bugs Go Search • • • • • What links here Related changes Special pages Printable version Permanent link • • • • • This page was last modified 09:03. 23 August 2009. This page has been accessed 1.com Disclaimers .256. Privacy policy About Offensive-security.194 times.

Sign up to vote on this title
UsefulNot useful